Saitel DR & Saitel DP Remote Terminal Unit

Monitor6.6SEVD-2025-252-02Sep 9, 2025

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Saitel DR and Saitel DP Remote Terminal Units contain a command injection vulnerability in input processing that could allow arbitrary code execution. The vulnerability exists in versions Saitel DR <= 11.06.29 and Saitel DP <= 11.06.33.

What this means

What could happen

An attacker with local access could inject commands into the RTU that execute with device privileges, potentially altering network control commands, disrupting data acquisition, or compromising the integrity of distribution and transmission network operations.

Who's at risk

Energy utilities operating Schneider Electric Saitel DR or Saitel DP Remote Terminal Units in distribution, transmission, and generation networks should assess this risk. These devices are also deployed in railway automation systems. The vulnerability requires local or direct interface access, limiting remote exposure but still posing risk in environments where maintenance staff or contractors have device access.

How it could be exploited

An attacker with local access to the RTU or the ability to send specially crafted input to an affected command interface could inject shell commands that execute on the device. These commands run with the privileges of the RTU process and could manipulate network control logic or disable monitoring functions.

Prerequisites

Local access to the RTU command interface or physical access to the device
Ability to submit unvalidated input to a command processing function
Low privilege account or direct interface access

Local exploitation onlyLow EPSS score (<1%)Command injection (CWE-78)Affects critical infrastructure devicesRequires firmware reboot for remediation

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Saitel DR RTU≤ 11.06.2911.06.30

Saitel DP RTU≤ 11.06.3311.06.34

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict physical and local network access to RTU management interfaces to authorized personnel only

HARDENINGImplement access controls on RTU command interfaces to limit who can submit input

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

Saitel DR RTU

HOTFIXUpdate Saitel DR RTU firmware to version 11.06.30 or later

Saitel DP RTU

HOTFIXUpdate Saitel DP RTU SM_CPU866e firmware to version 11.06.34 or later

All products

HOTFIXPlan firmware upgrades during maintenance windows and schedule device reboots accordingly

CVEs (2)

CVE-2025-9996 CVE-2025-9997

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/33a1b222-64b8-45e5-ad5d-f05e03d5c18c